ISSUE 488: The high tech office- March
2 1999
ALAN ZISMAN
You can burn or shred hard copy memos,
but e-mails are eternally damning
Last week we looked at the good and bad sides
of e-mail -- the pleasure of reader-requested mailing lists and the
pain of unrequested junk mail, known as spam.
But there's more to e-mail than that. More and more,
e-mail records are being subpoenaed as evidence in court cases.
Consider the recent high-profile anti-trust case by
the U.S. Justice Department against Microsoft. The Feds
got to pick through the software firm's internal messages, finding
quotes to bring up in court.
E-mail is also playing a role in less-publicized court
cases. Not long ago, a systems analyst fired by Nova Scotia Power
Corp. won pay and benefits, along with $40,000 for "mental
distress," at least partly as a result of evidence of e-mail about the
employee sent out by the company's controller.
In another case, sexually explicit messages
distributed over Micro-
soft's internal system were used as evidence that the company had
failed to provide a harassment-free work environment.
Increasingly, companies are discovering that e-mail,
by virtue of its very convenience, also provides a written record --
for better and for worse.
E-mail tends to be less formal than company memos. As
a result, opinions tend to be expressed that might never be put down on
paper. But the problem is that e-mail can be more easily and widely
distributed.
And e-mail is a record that can be surprisingly
long-lasting. An individual user may periodically clean out his or her
message boxes, but copies also exist on the computer of whoever sent
the messages, along with anyone to whom the messages were forwarded.
And most networks (including your Internet Service
Provider) are regularly backed up (as they should be!). These backups
provide yet an-
other source of copies of your mail -- a source that hasn't been missed
in the sweep for court evidence.
Some companies have started monitoring computer use --
aiming to crack down on the use of company resources by employees for
everything from viewing pornography to running businesses. But many
companies have hesitated, not wanting to create a Big Brother
atmosphere at work.
Toronto IT lawyer Alan Gahtan, author of Internet
Law: A Practical Guide for Legal and Business Professionals,
suggests that contrary to popular opinion, Canadian law is not yet
clear on whether employers have the right to monitor employee e-mail.
Montreal-based Jurifax Inc. suggests that a
clear company policy on e-mail use can help and has sample policies for
sale at its Web site (www.jurifax.com).
Gahtan agrees that having a policy can help clarify
this often murky area by making clear there should be no expectation of
privacy. *
What do you get when you combine Excel 95 or 97
and an Internet browser?
According to Israeli computer security company, Finjan
Inc., you might have the "most significant security threat to
business since the Internet." In January, the company announced the
discovery of a security breach that they claim "could affect literally
tens of millions of Internet users."
The firm is referring to the so-called Russian New
Year Exploitation, which allows an outsider to copy data files from a
computer. These attacks have been confirmed on the various Windows
platforms, while the company suspects that Macs running Microsoft
Office could be equally vulnerable. So far, only computers running
Excel seems to be susceptible, with attackers using a combination of
HTML code and Excel's CALL function, allowing any Web browser to be
used to punch an undetectable hole in network security.
By simply visiting a suspect Web site, a user can open
the door to an attack -- even if Excel isn't running at the time. And
because these attacks can happen without the user being aware they've
taken place, it's difficult to know whether many businesses have
already lost data. Other attacks made possible in this way include
grabbing passwords stored on a system or even inserting a so-called
BIOS bomb -- which could potentially make a computer completely
unusable.
Microsoft has posted a patch to disable the CALL
function -- for Excel 97 only--on their Web site at
officeupdate.microsoft.com. Finjan suggests that
concerned users install the two Office service releases, along with
this patch. As well, Internet Explorer browser users should set the
security level to "high," while Netscape users should upgrade to the
latest version (4.5) and set it to block plug-ins.
The Internet opens us up to a huge world out there. As
is often the case, this can be simultaneously a blessing and a curse.
From lawsuits to unhappy Russian New Years, we see that spam e-mail is
nowhere near as bad as it can get.
I promise to be more positive next week! *
|